Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 6108 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

guest network question

B.R.O.

has anyone assign another public ip for your wireless guest or put the guest network on a dedicated firewall in case they get on a black list?



This thread was automatically locked due to age.
  • +1

    If possible, you will definitely want to masq your guest network with a public IP used only for it.

    Also, if you're running the guest network through a Web Filtering Profile, you will want to use the new capability described in How to change the outgoing interface for Web Filtering.  Rather than use the suggested method of enabling this capability, do the following as root:

    cc set http enable_out_interface 1

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Awesome thanks!  Here are the main steps I did to hopefully achieve my goal of keeping the network separate with a different public ip in case they get on the black list.

    1.  I created an additional address on the WAN bridge

    2.  Created a web filter profile called guest wireless

     

    3.  For Allow networks = Network Object of Guest Network Definition and  under Optional: Interface for outgoing traffic: select interface Network = additional address on WAN bridge in first step.

     

     

     

    Masquerading Rule:  Guest_Wifi_VLAN->WAN Bridge + Guest Public IP

     

    Then Firewall Rule

Unfiltered HTML